1

Digital Repository Audit & Certification

On behalf of CRL, RLG-OCLC, NARA, the DCC, DPE and nestor

Andrew McHugh

DCC Advisory/Audit Manager

Humanities Advanced Technology and Information Institute (HATII)�

University of Glasgow

Presentation to DP Award Judging Panel

London

June 19th, 2007

2

Digital Preservation Today

� Growth in creation of digital information with scholarly, scientific and cultural value continues to accelerate

� Practical approaches aimed at ensuring long-term authenticity, integrity and understandability of digital materials are emerging at a similar pace

� The discipline remains immature though:

� Are adopted approaches successful?

� What is the metric for defining success?

� Which approaches are appropriate for particular digital preservation challenges?

� Which preservation services and/or service providers can be trusted?

3

Trust, Trustworthiness and Safe Stewardship

� Evolution of the Digital Preservation (specifically Repository) Landscape:� Defining the problem

� Preserving Digital Information� Trusted Digital Repositories: Attributes & Responsibilities

� Practical Responses to the problem� repository software [DSPACE, ePrints, Fedora];

� metadata schema [PREMIS];� reference models [OAIS];

� This work focuses on determining the success of the solutions we propose or have already deployed

� “Stewardship is easy and inexpensive to claim; it is expensive and difficult to honor, and perhaps it will prove to be all too easy to later abdicate” Lynch (2003)�

4

Repository Environments

� Ten principles conceived for Digital Repositories

� An intellectual context for the work:� Commitment to digital object maintenance

� Organisational fitness

� Legal & regulatory legitimacy

� Effective & efficient policies

� Acquisition & ingest criteria

� Integrity, authenticity & usability

� Provenance

� Dissemination

� Preservation planning & action

� Adequate technical infrastructure

5

Chronology of this work

� 2002: Trusted Repositories Attributes & Responsibilities

� 2002: Reference Model for an Open Archival Information System (standardised as ISO 14721 in 2003)�

� 2005: RLG/NARA Draft Audit Check-list for Repository Certification released for public comment

� 2006-2007: CRL and DCC Pilot Repository Audits

� Dec 2006: Catalogue of Criteria for Trusted Digital Repositories published (en) by nestor

� Feb 2007: Digital Repository Audit Method Based on Risk Assessment (DRAMBORA) published by DCC/DPE

� Mar 2007: Trustworthy Repositories Audit & Certification (TRAC) Criteria and Check-list published by CRL

6

Trustworthy Repositories Audit & Certification (TRAC) Criteria and Check-list

� RLG/NARA assembled an International Task Force aimed at addressing issue of repository certification in 2003

� a set of criteria applicable to a range of digital repositories and archives, from academic institutional preservation repositories to large data archives and from national libraries to third-party digital archiving services.

� Provides tools for the audit, assessment, and potential certification of digital repositories

� Establishes documentation requirements required for audit

� Delineates a process for certification

� Establishes appropriate methodologies for determining the soundness and sustainability of digital repositories.

7

nestor Catalogue of Criteria for Trusted Digital Repositories

� Abstract criteria� applicable for a range of digital repositories, and valid over a longer period,

� Explanations, examples, references: � internationally discussed and standardised

� render the state-of-the-art � reflect specific, national conditions (legal framework, national organisational structure)

� Basic principle: Adequacy� evaluation is always based on the objectives and tasks of the individual digital repository concerned

� nestor - Working Group Trusted Repositories – Certification developed a Catalogue of Criteria

� aimed at memory organisations (libraries, archives, museums) andinstitutions, service providers devising, planning and implementing digital repositories

� provides guidance, tools for self-checking, and potentially certification

8

Digital Repository Audit Method Based on Risk Assessment (DRAMBORA)

� “A trusted digital repository will understand threats to and risks within its systems.” – from the introduction to the TRAC Criteria & Checklist

� Developed by DCC & DPE, DRAMBORA encourages repositories to:

� develop an organisational profile, describing and documenting mandate, objectives, activities and assets;

� identify and assess the risks that impede their activities and threaten their assets;

� manage the risks to mitigate the likelihood of their occurrence

� establish effective contingencies to alleviate the effects of the risks that cannot be avoided.

� Methodology, tools and associated examples support:

� Validation [“Are my efforts successful?”]� Preparation [“What must I do to satisfy external auditors?”]

� Anticipation [“Are my proposals likely to succeed?”]

9

How they fit together

10

International Coherence

� Practical aspects of the collaboration:

� Definition of shared set of Digital Repository principles

� Active cross pollination of ideas and personnel

� Ongoing pilot audit programmes of CRL, DCC, DPE and nestor

� Mutual review of documentary outputs

� Implicit aspects of the collaboration

� Pursuing a shared vision with a culture of shared action

� A successful international program of assessment requires community consensus, rather than competing strategies for repository audit and certification.

� Some differences reflect geopolitical obstacles – but the commonalities are much more noteworthy

� Efforts are ongoing to overcome such impediments

11

Benefits of TRAC, nestor and DRAMBORA

� Support the planning of new repositories or repository functions

� Facilitate organisational self-awareness of repository successes and shortcomings

� Engender trust from depositors, users, funders and other stakeholders

� Provide a necessary precursor to the viability of widespread preservation repository services

� Present an intellectual foundation upon which formal certification services can be built

12

Beneficiaries

� Repository administrators or those planning to developrepository infrastructures

� Those considering utilising repository services

� Information creators

� Information depositors

� Information end-users

� Funding bodies

� Repository management

� Accredited certifying agencies

13

The Bottom Line� Mechanisms for measuring & demonstrating success are vital

� Recent years have seen an increased sense of the importance of performance and capability measurement

� This consortium represents an international consensuscorresponding to a unified international drive of activity

� Integrated not simply by consortium agreements, but by a shared will in favour of delivering that which is required and expected by the international community

� With � international applicability;� immediate and demonstrable value;� an implicit culture of coordination and collaboration; and

� a conscious will to fulfil urgent and fundamental needs

the efforts of this consortium deserve the highest recognition that this community can offer

14

URLs

� Trustworthy Repositories Audit & Certification (TRAC) Criteria and Checklist

� http://www.crl.edu/PDF/trac.pdf

� nestor Catalogue of Criteria for Trusted Digital Repositories

� http://www.nbn-resolving.de?urn:nbn:de:0008-2006060703

� DCC/DPE Digital Repository Audit Method Based on Risk Assessment (DRAMBORA)�

� http://www.repositoryaudit.eu/download

� Ten basic characteristics of digital preservation repositories

� http://www.crl.edu/content.asp?l1=13&l2=58&l3=162&l4=92